* [EMAIL PROTECTED] [2004-02-26 14:09:42 -0500]:
> On Tue, Feb 24, 2004 at 10:33:57AM -0600, Troy Benjegerdes wrote:
>
> > I have a script that starts up courier-imap and courier-mta with tokens
> > for a user called 'mail' that has ACL's for all the user's maildirs.
>
> We contemplated this and it's a bad idea if you allow a user to put
> arbitrary shellcode in .qmail -- any user's delivery can clobber any
> other user's mail since they're all running with the same creds.

True, although if you tighten up the ACLs on the maildirs (lidk on tmp/, lik on new/ for the mail user) what you get is "only" denial of service and mailbox poisoning attacks, no clobbering of legitimate email. By "mailbox poisoning" I mean the insertion of a perfect forgery in which not even the first Received: header is authentic. Of course that's already bad enough.

> (i.e. there's a user/mail princ/user.mail pts user for each user which
> in turn only has rights on the user's maildir)

Burns up twice as many uids, but if you can afford that it's the way to go.

_______________________________________________
OpenAFS-info mailing list
[EMAIL PROTECTED]
https://lists.openafs.org/mailman/listinfo/openafs-info
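The ACL trade-off discussed in the message above, as an added example that is not part of the original post or of OpenAFS: a simplified model of AFS directory rights that compares a shared `mail` identity with tightened ACLs (lidk on tmp/, lik on new/) against per-user `user.mail` identities. The user names `alice` and `bob`, the `Maildir` paths, and the "loose" `rlidwk` baseline are constructed assumptions.

```python
# Simplified model of AFS directory ACL checks (added illustration, not OpenAFS code).
# AFS rights used here: l=lookup, i=insert, d=delete, w=write, k=lock, r=read.
NEEDED = {"create": "i", "delete": "d", "overwrite": "w"}

def allowed(acl, principal, directory, op):
    """True if principal's rights on directory include the right that op requires."""
    return NEEDED[op] in acl.get(directory, {}).get(principal, "")

def assess(acl, principal, owner):
    """What can `principal` do to `owner`'s maildir under `acl`?"""
    tmp, new = f"{owner}/Maildir/tmp", f"{owner}/Maildir/new"
    # Delivery: create in tmp/, then rename into new/
    # (rename deletes the entry from tmp/ and inserts it into new/).
    deliver = (allowed(acl, principal, tmp, "create")
               and allowed(acl, principal, tmp, "delete")
               and allowed(acl, principal, new, "create"))
    return {
        "deliver": deliver,
        # Insertion is what leaves the DoS and mailbox-poisoning cases open.
        "insert_message": allowed(acl, principal, new, "create"),
        "delete_existing_mail": allowed(acl, principal, new, "delete"),
        "overwrite_existing_mail": allowed(acl, principal, new, "overwrite"),
    }

def maildir_acl(owner, principal, tmp_rights, new_rights):
    """Build the ACL entries for one owner's tmp/ and new/ directories."""
    return {f"{owner}/Maildir/tmp": {principal: tmp_rights},
            f"{owner}/Maildir/new": {principal: new_rights}}

# Constructed sample ACL sets for two users.
LOOSE = {**maildir_acl("alice", "mail", "rlidwk", "rlidwk"),
         **maildir_acl("bob", "mail", "rlidwk", "rlidwk")}
TIGHT = {**maildir_acl("alice", "mail", "lidk", "lik"),
         **maildir_acl("bob", "mail", "lidk", "lik")}
PER_USER = {**maildir_acl("alice", "alice.mail", "lidk", "lik"),
            **maildir_acl("bob", "bob.mail", "lidk", "lik")}

if __name__ == "__main__":
    # Each row: what a delivery running for alice can do to bob's maildir.
    for name, acl, who in (("loose, shared", LOOSE, "mail"),
                           ("tight, shared", TIGHT, "mail"),
                           ("tight, per-user", PER_USER, "alice.mail")):
        print(f"{name:16} {assess(acl, who, 'bob')}")
```
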
